1. Field of the Invention
The present invention relates to computerized methods and systems for enabling digital signature auditing. More particularly, the present invention relates to computerized methods and systems involving a server communicating with a number of concurrent applications that requests timestamps for application-relevant events.
2. Related Art
A secure cryptoprocessor is known to be a dedicated chip or microprocessor, carrying out cryptographic operations, mostly embedded in a packaging with various physical security measures, and providing a degree of tamper resistance.
For example, smartcards are well-known forms of secure cryptoprocessors, although more complex cryptoprocessors are widely deployed in sensitive systems such as Automated teller machines, see e.g., Wikipedia contributors. “Secure cryptoprocessor.” Wikipedia, The Free Encyclopedia. Wikipedia, The Free Encyclopedia, 29 Nov. 2010. Web. 23 Feb. 2011.
One skilled in the art also knows hardware security modules (HSM), i.e., a type of secure cryptoprocessor for managing digital keys, accelerating cryptoprocesses in terms of digital signings and for providing strong authentication to access critical keys for server applications.
Such modules are physical devices traditionally in the form of plug-in cards or external TCP/IP security devices, which can be attached directly to a computer (server or general purpose computer), see e.g., Wikipedia contributors. “Hardware security module.” Wikipedia, The Free Encyclopedia. Wikipedia, The Free Encyclopedia, 8 Feb. 2011. Web. 23 Feb. 2011.
HSMs can notably be used to deliver digitally signed data such as timestamps. Digital signature generally means data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery e.g. by the recipient, see e.g., CEN Information Society Standardization System. CWA 14167-4: Cryptographic Module for CSP Signing Operations Protection Profile, October 2003. Version: 0.28. CEN/ISSS Electronic Signature (E-SIGN) Workshop (hereinafter “CEN”).
One skilled in the art further knows specifications for cryptographic modules for certification-service-provider signing operations. Such cryptographic modules provide identification authentication, access control and audit for users of its services, see e.g., CEN.
Also, one skilled in the art knows the system “Logcrypt”, which provides strong cryptographic assurances that data stored by a logging facility before a system compromise cannot be modified after the compromise without detection. See Jason E. Holt. Logcrypt: forward security and public verification for secure audit logs, In ACSW Frontiers '06: Proceedings of the 2006 Australasian workshops on Grid computing and e-research, pages 203-211. Australian Computer Society, Inc., 2006 (herein after “Holt”). There are other implementations based on the nonmalleable properties of hash chains.
Information and Computation, 165(1): 100-116, 2001 discloses “How to Sign Digital Streams” by Rosario Gennaro and Pankaj Rohtagi, hereinafter (Gennaro) and Pankaj Rohatgi.
IMM-B.Eng.-2010-34, 2010, Technical University of Demark discloses “Providing a tamper-evident layer for logs using secure hardware,” which is an Academic Dissertation by Emil Gurevitch.